Re: snmpv3 authpriv security level support on 3750 switch

Difan Zhao · ‎05-20-2011

Hi experts,

Maybe I haven't done enough research but I really need to get some info for the meeting in the next 1 hour!!!!

My lab 3750 switch doesn't seem to support auth+priv. It only supports the auth... However I need to the packets to be encrypted as well... So when I configure the user I don't have the "priv" option after the "auth" configuration.

NE-CORE(config)#snmp-server user The_user The_group v3 auth md5 The_passcode ?
access specify an access-list associated with this group
<cr>

My switch is WS-C3750-24PS-S. It's running firmware C3750-IPSERVICES-M.Does the switch support it at all or I just missed some configuration? The followings are the entire snmpv3 configuration.

snmp-server engineID local 0000000001
snmp-server engineID remote <IP> 0000000002
snmp-server group The_group v3 auth
snmp mib community-map switchback engineid 800000090300001DA2678C03

Thanks!

Difan

PETER EIJSBERG · ‎05-20-2011

I might be wrong, but check this: http://www.cisco.com/en/US/docs/ios/ios_xe/netmgmt/configuration/guide/nm_cfg_snmp_sup_xe.html#wp1201017

The command is snmp-server user username groupname [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list] so if you want privacy, I supposed you have to add the word "encrypted" before the keyword "auth"

Peter

Difan Zhao · ‎05-20-2011

Hey Peter,

Thanks for the reply! Actually it's because that my old firmware didn't have the "k9" or the encryption feature... I updated it with a newer firmware and it worked. The "encrypted" keyword or option is just for you to provide a hashed key.

Thanks anyway!

Difan